Re: Programmatically installing Client Root Certificates

From: Sergio Dutra [MS] (sergio_at_online.microsoft.com)
Date: 07/09/04

    Date: Fri, 9 Jul 2004 08:37:16 -0700
    
    

    You install root certificates into the "root" store. "root" is the name you
    pass in to CertOpenStore, then use CertAddCertificateContextToStore to add
    the certificate to the root store.

    Note that certificates in the root store must be self-signed. Also, the user
    will get a dialog prompting for acceptance or rejection of the certificate
    prior to it being installed. If the user rejects the certificate, it will
    not be added to the root store.

    -- 
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
    "kr" <kr@discussions.microsoft.com> wrote in message 
    news:EE1020F2-5C09-4233-B816-7CC33654F936@microsoft.com...
    > I have come across some CertXYZ API that I thought could be used to 
    > install CA Root Certificates on the client machine.
    >
    > Assuming that these are the correct API for this purpose...
    >
    > what would be the correct certificate store that should be used to store 
    > the root certificates? I have tried some sample code to enumerate 
    > installed certs for store "CA" but I have noticed a bunch of store names 
    > including "root" when I enumerated stores.
    >
    > I am assuming that once installed, this can be used to create the 
    > CERT_CONTEXT to be passed in to the InternetSetOption to set the client 
    > certificate. Perhaps the cert does not need to be installed but can simply 
    > be used in the above mentioned API for SSL communication?
    >
    > Regardless, any pointers to some sample code to install root certificate/ 
    > certificate chain would be greatly appreciated.
    >
    > Thanks for the help... 
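
The installation described in the reply above, as an added example that is not part of the original thread or any Microsoft sample. It uses the .NET X509Store wrapper rather than calling CertOpenStore and CertAddCertificateContextToStore directly, and it checks the certificate before trusting it. The parameter names $CertPath and $ExpectedSha256 are assumptions; the expected fingerprint is one obtained out of band from the CA's owner.

```powershell
# Added example (not from the original thread).
# $CertPath and $ExpectedSha256 are hypothetical parameter names; the expected
# fingerprint must come from a trusted, out-of-band source.
param(
    [Parameter(Mandatory)] [string] $CertPath,
    [Parameter(Mandatory)] [string] $ExpectedSha256
)
$ErrorActionPreference = 'Stop'

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path -LiteralPath $CertPath).Path)

# 1. Pin the certificate: compare its SHA-256 fingerprint with the expected one.
$sha = [System.Security.Cryptography.SHA256]::Create()
$actual = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$sha.Dispose()
if ($actual -ne ($ExpectedSha256 -replace '[\s:]', '')) {
    throw "Fingerprint mismatch: got $actual"
}

# 2. The root store only takes self-signed certificates. This compares the
#    encoded subject and issuer names; it does not verify the signature itself.
$subject = [Convert]::ToBase64String($cert.SubjectName.RawData)
$issuer  = [Convert]::ToBase64String($cert.IssuerName.RawData)
if ($subject -cne $issuer) { throw "Not self-signed: $($cert.Subject)" }

# 3. Open the current user's "Root" store (the same store name the reply passes
#    to CertOpenStore) and add the certificate. The acceptance dialog the reply
#    mentions is shown at this point.
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new(
    'Root', [System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser)
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    try { $store.Add($cert) } catch { Write-Warning "Add failed: $($_.Exception.Message)" }

    # 4. Confirm the outcome by thumbprint instead of assuming success, since
    #    a rejected prompt leaves the store unchanged.
    $found = $store.Certificates.Find(
        [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint,
        $cert.Thumbprint, $false)
    if ($found.Count -eq 0) { throw 'Certificate was not added to the root store.' }
    "Installed $($cert.Subject) [$($cert.Thumbprint)]"
} finally {
    $store.Close()
}
```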
    
